fix(security): close cross-tenant IDOR gaps in OAuth credential and execution auth

[waleedlatif1]

Summary

• Several tool routes (gmail/label, onedrive/files, onedrive/folder, outlook/folders, wealthbox/item, auth/oauth/wealthbox/item) called resolveOAuthAccountId then only checked workspace permissions when workspaceId was set — the legacy account-ID fallback path returned no workspaceId, silently skipping all ownership validation. Any authenticated user could supply a raw account.id to access another tenant's OAuth credentials
• Replace all instances with authorizeCredentialUse, which enforces ownership on every credential type including the legacy fallback path
• Add authorizeCredentialUse ownership gate before resolveVertexCredential in providers/route.ts (Vertex AI credential path had the same gap)
• Add verifyFileAccess check in wordpress/upload before downloadFileFromStorage — file key was user-supplied with no ownership verification
• Add optional workflowId filter to all PauseResumeManager methods (enqueueOrStartResume, beginPausedCancellation, etc.) — previously looked up paused executions by executionId only, allowing any authenticated user to cancel or resume another tenant's paused workflow execution; update all call sites (cancel, resume, poll routes)

Type of Change

• Bug fix

Testing

Tested manually. authorizeCredentialUse backwards-compatibility verified: legacy account-ID callers who own their credentials still work (ownership enforced); HITL manager workflowId param is optional so internal self-calls without it are unaffected; verifyFileAccess confirmed to exist and match usage.

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Actions	Updated (UTC)
docs	Skipped		May 11, 2026 3:36am

[cursor]

PR Summary

High Risk
High risk because it changes authorization/credential access paths and pause/resume/cancel execution flows, which are security-critical and could block legitimate requests if the new checks are misapplied.

Overview
Closes cross-tenant IDOR gaps by replacing per-route resolveOAuthAccountId + ad-hoc checks with centralized authorizeCredentialUse gating in multiple OAuth-backed tool routes (Gmail, OneDrive, Outlook, Wealthbox) and the Wealthbox OAuth item endpoint.

Adds an explicit credential-ownership check before resolving Vertex credentials in providers requests, and adds verifyFileAccess enforcement to wordpress/upload before downloading from storage.

Hardens HITL pause/resume/cancel by threading workflowId through PauseResumeManager queue/cancellation APIs and updating resume, poll, and cancel routes to scope paused-execution lookups by (executionId, workflowId); also normalizes error handling to use toError() in a couple of routes.

^{Reviewed by Cursor Bugbot for commit 86f3a53. Configure here.}

[greptile-apps]

Greptile Summary

This PR closes cross-tenant IDOR vulnerabilities in OAuth credential access and paused-execution management by centralizing auth enforcement in authorizeCredentialUse and adding workflowId scoping to all PauseResumeManager database operations.

• Credential access: Replaces the ad-hoc resolveOAuthAccountId + conditional workspace-permission pattern in 6 routes with authorizeCredentialUse, which enforces ownership on every credential type including the legacy account-ID fallback path. The credential-access.ts changes also remove the now-redundant if (actingUserId) guards since actingUserId is always defined after the top-level auth assertion.
• HITL cancellation/resume: Adds workflowId to every PauseResumeManager method and threads it through every external API call site and all internal call sites within the manager itself.
• WordPress upload: Gates downloadFileFromStorage behind verifyFileAccess when a storage key is present, with a hard failure when userId is unavailable.

Confidence Score: 5/5

Safe to merge — all credential and execution paths now enforce ownership on every code branch, with no identified regressions.

All call sites of processQueuedResumes and the cancellation methods have been updated to pass workflowId, including the previously flagged internal sites inside startResumeExecution, persistPauseResult, and clearPausedCancellationIntent. The authorizeCredentialUse refactor is consistent across all six tool routes and the Vertex provider path. The credential-access.ts guard removal is safe because actingUserId is always defined after the top-level auth assertion. No new gaps were found.

No files require special attention. The HITL manager and credential-access module are the highest-impact files and both look correct.

Important Files Changed

Filename	Overview
apps/sim/lib/auth/credential-access.ts	Removes dead if (actingUserId) guards so membership and workspace-permission checks are now unconditional on all credential paths — closes the legacy account-ID IDOR gap.
apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts	Adds required workflowId parameter to all six paused-execution DB methods and threads it through every internal call site.
apps/sim/app/api/workflows/[id]/executions/[executionId]/cancel/route.ts	Passes workflowId to all PauseResumeManager cancellation calls; replaces untyped error.message with toError(error).message.
apps/sim/app/api/resume/[workflowId]/[executionId]/[contextId]/route.ts	Forwards workflowId to enqueueOrStartResume and the error-recovery processQueuedResumes call.
apps/sim/app/api/tools/wordpress/upload/route.ts	Adds verifyFileAccess gate before downloadFileFromStorage when a storage key is present.
apps/sim/app/api/providers/route.ts	Adds authorizeCredentialUse gate before resolveVertexCredential, closing the Vertex AI credential IDOR gap.

_{Reviews (5): Last reviewed commit: "fix(security): thread workflowId through..." | Re-trigger Greptile}

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[cursor]

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

^{Reviewed by Cursor Bugbot for commit 94bc2e2. Configure here.}

[waleedlatif1]

Follow-up fix (fd234ac): threaded workflowId through the remaining 4 processQueuedResumes call sites in human-in-the-loop-manager.ts that were still missing it — persistPauseResult (line 267), startResumeExecution success path (line 507), startResumeExecution error path (line 535), and clearPausedCancellationIntent (line 1692). In all cases workflowId was already in scope; this just wires it through to the existing optional parameter. All 4 call sites now pass tenant scope — no remaining gaps.

[waleedlatif1]

Quality pass complete (0d4c9c6):

• catch (error: any) → catch (error) + toError(error).message in both the resume route and cancel route — no more type escape hatch on caught errors
• WordPress upload: removed 4 what-not-why inline comments (Process file, Use provided filename, Upload to WordPress using multipart, Add optional metadata)
• OneDrive files: collapsed the debug item-breakdown reduce+log and the file-IDs log into a single structured info log; consolidated the URL-branch comments into one truthful line; simplified the .filter() call
• HITL manager (updateSnapshotAfterResume): removed 3 redundant DAG-edge comments

All 4 original review threads were already resolved before this pass. Lint is clean.

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[waleedlatif1]

@greptile

[waleedlatif1]

@cursor review

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 86f3a53. Configure here.}

[cursor]

Required workflowId silently skipped when empty string passed

Medium Severity

Several PauseResumeManager methods declare workflowId as a required string parameter but internally use falsy checks (workflowId ? ... : ... or ...(workflowId ? [...] : [])) to conditionally apply the filter. Since empty string "" is falsy in JavaScript, an empty-string workflowId silently degrades to the old executionId-only lookup, bypassing the cross-tenant scoping this PR intends to enforce. The type system won't catch this because "" satisfies string. Methods affected include beginPausedCancellation, completePausedCancellation, blockQueuedResumesForCancellation, clearPausedCancellationIntent, processQueuedResumes, and enqueueOrStartResume.

Additional Locations (2)

• apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts#L1631-L1645
• apps/sim/lib/workflows/executor/human-in-the-loop-manager.ts#L1879-L1898

 

^{Reviewed by Cursor Bugbot for commit 86f3a53. Configure here.}